Email query
-
Why do they need to authenticate to send an e-mail to someone in their organisation?
-
Here is the Windows way of doing it. https://support.office.com/en-us/article/How-to-configure-IIS-for-relay-with-Office-365-eb57abd2-3859-4e79-b721-2ed1f0f579c9?ui=en-US&rs=en-US&ad=US
It is being deprecated but if you're on Server 2012R2 you still have access to it. Just make sure you restrict it so that only the localhost can send emails through it.
-
@Carnival-Boy said in Email query:
Why do they need to authenticate to send an e-mail to someone in their organisation?
The application is trying to connect and send SMTP. Office 365 does not allow that out of the box.
-
If I want to send an e-mail to @bishnitro I can just make an SMTP connection to his server and send him an e-mail, can't I?
-
@bishnitro said in Email query:
is there a relay that is friendly to non-linux user like me?
Yeah, postfix is not that bad. You can also run something on Windows, but really, the Linux way isn't bad. And is a great learning experience.
-
@Carnival-Boy said in Email query:
If I want to send an e-mail to @bishnitro I can just make an SMTP connection to his server and send him an e-mail, can't I?
In theory, yes. But with modern security, that's never realistically possible.
-
@bishnitro said in Email query:
is there a relay that is friendly to non-linux user like me?
I just built one this week. It seems to be a popular topic at the moment.
-
@scottalanmiller said in Email query:
But with modern security, that's never realistically possible.
Why not?
-
@scottalanmiller said in Email query:
@Carnival-Boy said in Email query:
If I want to send an e-mail to @bishnitro I can just make an SMTP connection to his server and send him an e-mail, can't I?
In theory, yes. But with modern security, that's never realistically possible.
It will not work. when an app tries this is will get blocked for relaying.
-
@Carnival-Boy said in Email query:
@scottalanmiller said in Email query:
But with modern security, that's never realistically possible.
Why not?
Lots of reasons, all around security and stopping spam, none of these are 100%, but most are like 95% true and with the overlap, it's nearly 100% that it would cause an issue:
- Port 25 is not always used any longer, it's one of three main ports.
- TLS is often required.
- SPF records are sometimes required.
- Reverse lookups almost always need to work.
And more. Accepting email from "just anywhere" isn't done any longer. At a minimum most sites need to be set up as the official email system for the domain in question. Getting email to the big boys that represent most of the market (MS, Google, etc.) is even harder.
-
If you don't have all of these things, then some systems will allow you to connect as an authenticated user, if you have an account on that system, which is what we are trying to do here. But the issue is that the proprietary software doesn't allow for the user to log in on the email system so that doesn't work.
-
@Carnival-Boy said in Email query:
@scottalanmiller said in Email query:
But with modern security, that's never realistically possible.
Why not?
doing this correctly would mean that the OP would using a sending address that is on the same domain as his email domain that's hosted on O365. O365 will deny emails claiming to be coming from somewhere else for the same domain, because O365 Knows that it's responsible for that domain - it's an antispam thing.
-
Then you could use a different domain address.
-
@JaredBusch said in Email query:
I guess you could actually just create an anonymous receive connector in Office 365 and restrict it to your public IP.
- Sign in to Office 365
- Go to Exchange Admin
- Select Mail Flow
- Select Connectors.
- Click the Plus
- These options to get past the stupidity filter
- Name it
- Click the second radio button to require an IP and click the plus.
- Enter your public subnet for the office
- Click next
- Verify and click save
- There you go.
- Set said shitty app to use FQDN.mail.protection.outlook.com for the SMTP server
- mine would be bundystl-com.mail.protection.outlook.com
-
@Dashrender said in Email query:
@Carnival-Boy said in Email query:
@scottalanmiller said in Email query:
But with modern security, that's never realistically possible.
Why not?
doing this correctly would mean that the OP would using a sending address that is on the same domain as his email domain that's hosted on O365. O365 will deny emails claiming to be coming from somewhere else for the same domain, because O365 Knows that it's responsible for that domain - it's an antispam thing.
Not if you make a connector as I just listed.
-
@scottalanmiller said in Email query:
- SPF records are sometimes required.
You can create an SPF record for the IP address of the application sending the e-mail.
-
@Carnival-Boy said in Email query:
@scottalanmiller said in Email query:
- SPF records are sometimes required.
You can create an SPF record for the IP address of the application sending the e-mail.
Yes, if you have a static IP address.
-
@Carnival-Boy said in Email query:
Then you could use a different domain address.
Sure, one that you are going to be an authoritative email host for.
-
@Carnival-Boy said in Email query:
Then you could use a different domain address.
Sure, as long as you don't get bit by those other things that Scott mentioned. O365 will be doing pretty much all of them to protect it's uses against spam.
-
@JaredBusch said in Email query:
@Dashrender said in Email query:
@Carnival-Boy said in Email query:
@scottalanmiller said in Email query:
But with modern security, that's never realistically possible.
Why not?
doing this correctly would mean that the OP would using a sending address that is on the same domain as his email domain that's hosted on O365. O365 will deny emails claiming to be coming from somewhere else for the same domain, because O365 Knows that it's responsible for that domain - it's an antispam thing.
Not if you make a connector as I just listed.
Very nice bro!